Gartner slams security hype

A number of the most promoted security risks are nothing more than a load of hype, Gartner has said in an unexpected outbreak of sober assessment.

The analyst has decided to use its IT Security Summit in Washington DC this week to name and shame the issues it sees as the most oversold. The top-five list comprises a number of favorites from the last year, namely the fear of mobile malware, the belief that Voice-over-IP (VOIP) is unsafe, concerns over wireless hotspots, the equation of regulatory compliance with security, and the idea of a super-worm that could spread on the Internet in a matter of minutes.

Of mobile malware, company vice president John Pescatore put it bluntly: "Anti-virus vendors see huge potential profit opportunities in selling security solutions to billions of cell phone and PDA users. In particular, the anti-viral industry sees cell phones as the way to grow sales outside of a flat, commoditized PC market. However, device-side anti-viruses for cell phones will be completely ineffective."

Of the obsession with regulatory compliance, his analyst colleague Lawrence Orans said: "The best way to increase enterprise IT security is to buy and build software that has fewer vulnerabilities, but there has been no regulatory focus on this area."

Similarly, attacks on Voice-over-IP (VOIP) systems were rare -- which rendered elaborate security measures unnecessary -- and the threat to users of wireless hotspots could be greatly reduced with simple technology. The threat of what the company called the "Warhol worm", able to infect every unprotected PC on the Internet in 15 minutes, had been greatly exaggerated.

"Many businesses are delaying rolling out high productivity technologies, such as wireless local area networks (WLANs) and IP telephony systems because they have seen so much hype about potential threats," continued Orans in the official statement.

Perhaps it is fair to point out that Gartner has sometimes sent out mixed messages on these issues. Only last year it produced a report titled "Voice over IP Communications Must be Secured", which noted in its summary the unique attributes of the medium that made security important. Now Gartner appears to be playing down this issue. "Preventive measures for securing an IP telephony environment are very similar to securing a data-only environment," Orans is quoted as saying.

The company has also produced numerous paid-for reports in recent years on the subject of wireless and mobile security, which doesn't in itself invalidate its current stance but which will have added to the general impression in the minds of IT professionals that these are areas of real anxiety. Such is the delicate balance required in the analysis business.

Gartner publishes a Hype Cycle report on a variety of IT industries, which can be accessed on its website.

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.